Wednesday, March 17, 2010

Dumb Fuzzing Nets Charlie Miller 30 Critical Vulnerabilities

Charlie Miller, the security researcher renowned for hacking Apple products during many a hacking competition, will be making public (at the CanSecWest security conference later this month) his latest research through which - he claims - he was able to find some 30 critical flaws in commonly used software.

Having hacked the MacBook Air and the Safari browser in the past, he might seem bent on making Apple look bad, but his research encompassed testing of software from different vendors: Adobe Reader, Apple Preview, Microsoft PowerPoint and Oracle's OpenOffice.

Using a simple Python script to fuzz test the applications, he discovered more than 1,000 ways to crash them. Of that number, 30 bugs allowed him to hijack the programs. And of those 30, 20 were found in Apple's Preview.
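The approach described above, as an added example that is not Miller's script: a minimal dumb mutation fuzzer in Python, run against a constructed toy file parser (not a real application) and bucketing crashes by exception type and the line that raised, which is how a pile of raw crashes gets triaged down to a handful of distinct root causes.

```python
import random

MAGIC = b"RC"
SEED = MAGIC + bytes([2, 3]) + b"abc" + bytes([4]) + b"defg"  # constructed valid input

def parse_records(data: bytes) -> list:
    """Constructed toy target: b'RC' | count | count x (len | payload). It trusts
    the declared count and lengths (a missing bounds check), so a corrupt file
    can push the read offset past the end of the buffer."""
    if data[:2] != MAGIC:
        raise ValueError("bad magic")  # clean rejection, not a crash
    count, pos, records = data[2], 3, []
    for _ in range(count):
        length = data[pos]  # IndexError here is the "crash" fuzzing finds
        records.append(data[pos + 1:pos + 1 + length])
        pos += 1 + length
    return records

def mutate(seed: bytes, rng: random.Random, max_writes: int = 8) -> bytes:
    """Dumb mutation: overwrite a few random bytes, sometimes truncate the file."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, max_writes)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    if rng.random() < 0.2:
        del buf[rng.randrange(1, len(buf) + 1):]
    return bytes(buf)

def classify_crash(target, data: bytes, expected=(ValueError,)):
    """Return (exception name, line) for a crash of target(data), or None.
    Exceptions listed in `expected` are the parser rejecting bad input on purpose."""
    try:
        target(data)
    except expected:
        return None
    except Exception as exc:
        tb = exc.__traceback__
        while tb.tb_next:  # walk to the frame that actually raised
            tb = tb.tb_next
        return (type(exc).__name__, tb.tb_lineno)

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0):
    """Feed mutated seeds to target; count crashes, keep one sample per bucket."""
    rng = random.Random(rng_seed)
    total, buckets = 0, {}
    for _ in range(iterations):
        data = mutate(seed, rng)
        key = classify_crash(target, data)
        if key is not None:
            total += 1
            buckets.setdefault(key, data)
    return total, buckets
```

Running `fuzz(parse_records, SEED, 3000)` yields hundreds of crashes that collapse into one or two buckets, each with a saved input that reproduces it; against a real program the same loop would spawn the target on each mutated file and watch for a crash signal instead of an exception.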

He says that he was surprised to find so many bugs, since the only thing required for this kind of testing is some knowledge and a lot of patience - the script was running on the programs for 3 weeks. “It’s shocking that Apple didn’t do this first,” said Miller in an interview with Forbes.

The results are even more surprising when one considers that Adobe Reader was also tested. One of Adobe's most widely used products, Reader is considered to be one of the most flawed applications out there, and its vulnerabilities are regularly exploited by cybercriminals.

Miller is still considering what to do with his discovery. He still hasn't revealed the details of the bugs to Apple or to the other vendors, and is thinking about not doing so at all, instead keeping them secret and checking occasionally whether they have been fixed. That way, we would all know for certain which vendors take security seriously - and which do not.